Lessons Learned in Over a Decade of Technical Support… | INIS

Lessons Learned in Over a Decade of Technical Support for U.S. Nuclear Cyber Security Programmes

by Glantz, C.S.; Landine, G.P.; Craig, P.A. Jr.; Bass, R.B. (Pacific Northwest National Laboratory, Richland, WA (United States)), E-mail: cliff.glantz@pnnl.gov

from International Conference on Nuclear Security: Enhancing Global Efforts. Proceedings of the International Conference

Pacific Northwest National Laboratory’s (PNNL) nuclear cyber security team has been providing technical support to the U.S. Nuclear Regulatory Commission (NRC) since 2002. This team has provided technical expertise in conducting cyber security inspections, developing regulatory rules and guidance, reviewing facility cyber security plans, developing inspection guidance, and developing and teaching NRC inspectors how to conduct cyber security assessments. The extensive experience gained by the PNNL team has allowed them to compile a lengthy list of recommendations on how to improve cyber security programs and conduct assessments. A selected set of recommendations is presented, including the need to: integrate an array of defensive strategies into a facility’s cyber security program, coordinate physical and cyber security activities, train physical security forces to resist a cyber-enabled physical attack, improve estimates of the consequences of a cyber attack, properly resource cyber security assessments, appropriately account for insider threats, routinely monitor security devices for potential attacks, supplement compliance-based requirements with risk-based decision making, and introduce the concept of resilience into cyber security programs. (author)
